Help with scripting: Install a package within a .dmg

obi-k
Valued Contributor III

Hello,

I need help with scripting an installation. Forgive me for my lack of skills in the area.

I was given an agent to install. The package and config. file is within the .dmg file. When I try to extract the package to push (ARD or Casper) it fails. The negative package is just a preflight and postflight script.

How would you install this leveraging Jamf Pro? Could I get help with scripting this?

My thought was to:

• Copy the .dmg file to a tmp folder
• Open the .dmg
• Install the package within the .dmg
• eject the FireEye Agent installer
• delete .dmg file

I saw this link too, but still need help:
Jamf Post

f8ca8d38334f441bab4b5abc1535efaa

2 ACCEPTED SOLUTIONS

mm2270
Legendary Contributor III

Why not copy the pkg and the config file into a new folder in /tmp/, then drag that folder into Composer's sidebar to make a source and finally add a postinstall script that calls the installer from that location in /tmp/? It would run the install and, I would think, see the config file in the same directory and use it. If I had to guess, the installer package script is likely looking at the running path and looking in that same directory for the config file to use.
Has something like that been tried yet?

View solution in original post

mm2270
Legendary Contributor III

Yes, but drop the sudo. When the package is run by the jamf binary it's running as root, so no sudo is required. Just replace the /path/to/package/package.pkg with something like /private/tmp/FireEyeAgent/xagtSetup_25.12.0.mpkg or whatever the folder name is that you choose to place it in.

So when the custom pkg gets run, it drops the payload into /private/tmp/FireEyeAgent/ and that will have the installer + the config file in it. Then your postinstall script would run the above installer command line. Hopefully that will make it install properly and recognize the config file at run time.

View solution in original post

22 REPLIES 22

jared_f
Valued Contributor

@mvu

You could temporarily mount a DMG and the use the following command to trigger the install:

#!/bin/sh
sudo installer -pkg /path/to/package.pkg -target /

crodriguez
New Contributor

@mvu

Could use Composer as well to do a before and after snapshot of the install. Run Compose on a machine that does not have this installed, start the before snapshot then create a folder on the system and copy the dmg into that folder, run the install as you would normally, when completed end the snapshot and create a .pkg from the changes. It should create a .pkg that has the contents of the dmg in it as well as the process you took to install it. Once the pkg is created, just do a manual test on another machine of running the .pkg before uploading into JAMF and building out a policy....just my two cents :)

obi-k
Valued Contributor III

@crodriguez I'll give that a shot. This would be a way to avoid my lack of scripting skills.

mm2270
Legendary Contributor III

Why not copy the pkg and the config file into a new folder in /tmp/, then drag that folder into Composer's sidebar to make a source and finally add a postinstall script that calls the installer from that location in /tmp/? It would run the install and, I would think, see the config file in the same directory and use it. If I had to guess, the installer package script is likely looking at the running path and looking in that same directory for the config file to use.
Has something like that been tried yet?

obi-k
Valued Contributor III

@mm2270 I think you're right about the installer package script looking at the running path. I'll give this a shot. Would you use the script above as the postinstall?

!/bin/sh

sudo installer -pkg /path/to/package.pkg -target /

mm2270
Legendary Contributor III

Yes, but drop the sudo. When the package is run by the jamf binary it's running as root, so no sudo is required. Just replace the /path/to/package/package.pkg with something like /private/tmp/FireEyeAgent/xagtSetup_25.12.0.mpkg or whatever the folder name is that you choose to place it in.

So when the custom pkg gets run, it drops the payload into /private/tmp/FireEyeAgent/ and that will have the installer + the config file in it. Then your postinstall script would run the above installer command line. Hopefully that will make it install properly and recognize the config file at run time.

obi-k
Valued Contributor III

Boom. I learned something today. I was able to package it, copy the files over, install the agent and remove the folder.

Thanks @mm2270 and everyone who chimed in. I know you said drop the sudo, but I'm used to leaving it in.fe3577f8a1324d2899f791e96a1412e4

jskidmore
New Contributor III

If it helps. I also Use Whitebox Packages to help re-package apps or deploy things and run scripts. It's a good tool to have along with Composer.

asedelmeyer
New Contributor

Hello All, I am new to the forums, been using Casper for about a year now, just really getting into the nitty-gritty, so I need some help please.

I followed the instructions (suggestions) by mm 2270 above exactly and was able to get the package created by composer, using the post-install script above. I tested said package on 2 macs and it works great, installing the FireEye agent and I can see it in the console.

But, after I uploaded the same package to Admin and run it for deployment on a new image, it does not run. But, I can run the same exact package in my source files and it will install.

What am I missing?

omaromar
New Contributor

Hello All,

Followed the above and it still doesn't work, says it installs successfully, but the agent really instant running?

Could we get some 2018 updates please.

Thanks

bainter
Contributor

@omaromar Check Activity Monitor (All Processes) and search for the process name 'xagt' and 'FireEye Notification' then you should be good. The ultimate check would be with the personnel who monitor the results.

If those processes aren't running, then check that your postinstall script has:

/usr/bin/sudo launchctl load -w "/Library/LaunchAgents/com.fireeye.xagtnotif.plist"
/usr/bin/sudo launchctl load -w "/Library/LaunchDaemons/com.fireeye.xagt.plist"

obi-k
Valued Contributor III

0ece813f16d34cbdbdb6c726273a4fc2
I guess I'm unsubscribed to this. Did @asedelmeyer @omaromar get it working?

We are moving to version 26.21.10. I repackaged the agent config file and xagtSetup package, updated the script, and all is working. I see "FireEye Notification" just like @bainter says.

nikjamf
New Contributor III

Hello,
How is the update script looks alike, I try the script above and Composer package and the agent do not install it . just create the Folder in /Library/ FireEye with two files, and I did not see any notifications or file in the Application folder.

idodd
New Contributor

Hi,

I try this few times. Installation is successful but don't see agent running under ps aux | grep xagt.

Also, I added below to post install script but no luck

**If those processes aren't running, then check that your postinstall script has:

/usr/bin/sudo launchctl load -w "/Library/LaunchAgents/com.fireeye.xagtnotif.plist"
/usr/bin/sudo launchctl load -w "/Library/LaunchDaemons/com.fireeye.xagt.plist"**

fyi..I am using this installer package ver xagtSetup_31.28.0.pkg.

obi-k
Valued Contributor III

Thanks @omaromar for those postinstall script. We are installing version 32.30.0. It's a little different.

If you don't run those two lines in your post install script, the Macs need a restart. For Macs 10.12, you need to restart regardless.

Also, for some reason FireEye is asking for Kext approval from "Bitdender" on Macs 10.13 and up. Looks like you'll need to approve that or have Jamf send a Config profile.

Team ID: GUNFMW623Y|com.Bitdefender.iokit.av|1|Bitdefender SRL|1

ddeth
New Contributor

Hi @mvu
Did you get any script working where you are also adding Kext approval for the for the Bitdefender part? I am currently trying to get it working with xagtSetup_32.30.0 on a macOS version 10.15.5.
In case you figured it out would you be willing to share it here?
Thank you very much!

obi-k
Valued Contributor III

@ddeth I pushed a configuration profile with Approved Kernel Extension ...

1a947264e18d4cd5a49d00e12ab2a62c

k3vmo
Contributor II

How do you mount the DMG initially? I follow that you'd copy it to /tmp but then you'd need to mount the DMG and that's the part I'm stuck on

obi-k
Valued Contributor III

So, we're skipping that part by re-packaging the contents inside the DMG. This way, we skip having to mount any DMG.

You'll need to re-package two pieces: the agent config file and xagt setup package, which goes into the tmp folder. If you go back to my 8/21/2018 post above, you'll see the insides of my package. After that, you run a postscript which you can bake into the package using Composer, or use Jamf to run it after.

k3vmo
Contributor II

@mvu Thanks for replying so fast -- I guess my question is unrelated at this point - is there a reference on how to mount a DMG you can point me to? Struggling to find one.

TJeff
New Contributor II

I haven't found much documentation in the Jamf manual for this but, something else to consider; when you deploy a dmg as the package in a Jamf Policy, Jamf will mount the diskimage and join it to the Mac's root directory by default. i.e. If there is a directory tree on the disk image such as Library/Application Support/My_Payload, it will be joined to the root directory and there will be a new "My_Payload" folder found under /Library/Application Support/ if there wasn't one there already. It will stay mounted until it is unmounted or a reboot. You would definitely want to mimic any file ownership and privileges to your diskimage for directories normally found on the Mac and disable "Ingore ownership on this volume" for that diskimage.

This method works out well for those PKGs that need to be executed with a configuration plist in the same directory or installers that need to be passed specific arguments or flags like FireEye and VMware Fusion. No need to package the dmg within a pkg, instead you just have a dmg as your package and have a script in the policy to call the execution after the dmg is mounted. When the installation has completed, call the unmount command ( hdiutil detach Library/Application Support/My_Payload ).

ryan_ball
Valued Contributor

@k3vmo Here is an example of attaching to a dmg and installing a package inside:

#!/bin/bash

# Variables
dmgPath="/path/to/file.dmg"
packageName="PackageName.pkg"

# Mount the DMG, and save its device
device=$(/usr/bin/hdiutil attach -nobrowse "$dmgPath" | /usr/bin/grep "/Volumes" | /usr/bin/awk '{ print $1 }')

# Using the device, determine the mount point
mountPoint=$(/usr/bin/hdiutil info | /usr/bin/grep "^$device" | /usr/bin/cut -f 3)

# Find the package inside
foundPackage=$(/usr/bin/find "$mountPoint" -type d -iname "*$packageName" -maxdepth 1 | /usr/bin/grep -v "^$mountPoint$")

# Install the package
/usr/sbin/installer -pkg "$foundPackage" -target /

exit 0